The Android-specific chmod and chown operations on the client socket
(for communication with wpa_supplicant) did not protect against file
replacement between the bind() and chmod()/chown() calls. If the
directory in which the client socket is created (depends a bit on the
version and platform, but /data/misc/wifi/sockets is commonly used)
allows write access to processes that are different (less privileged)
compared to the process calling wpa_ctrl_open2(), it might be possible
to delete the socket file and replace it with something else (mainly, a
symlink) before the chmod/chown operations occur. This could have
resulted in the owner or permissions of the target of that symlink being
modified.
In general, it would be safest to use a directory which has more limited
write privileges (/data/misc/wifi/sockets normally has 'wifi' group
(AID_WIFI) with write access), but if that cannot be easily changed due
to other constraints, it is better to make wpa_ctrl_open2() less likely
to enable this type of race condition between the operations.
Replace chown() with lchown() (i.e., a version that does not dereference
symlinks) and chmod() with fchmod() on the socket before the bind() call
which is also not going to dereference a symlink (whereas chmod()
would). lchown() is a standard operation, but the fchmod() on the socket
is less so (unspecified behavior in some systems). However, it seems to
work on Linux and in particular, on Android, where this code is
executed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add even more workarounds for cfg80211 regulatory state clearing since
these DFS test cases seem to be the most likely ones to fail due to
country=98 issues.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add even more workarounds for cfg80211 regulatory state clearing since
these DFS test cases seem to be the most likely ones to fail due to
country=98 issues.
Signed-off-by: Jouni Malinen <j@w1.fi>
While selecting a new channel as a reaction to radar event we need to
take into account supported bandwidth for each channel provided via
nl80211. Without this modification hostapd might select an unsupported
channel that would fail during AP startup.
Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
While doing automatic channel selection we need to take into account
supported bandwidth for each channel provided via nl80211. Without this
modification hostapd might select an unsupported channel which would
fail during AP startup.
Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
This adds checks to common code to verify supported bandwidth options
for each channel using nl80211-provided info. No support of additional
modes is added, just additional checks. Such checks are needed because
driver/hardware can declare more strict limitations than declared in the
IEEE 802.11 standard. Without this patch hostapd might select
unsupported channel and that will fail because Linux kernel does check
channel bandwidth limitations.
Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
Add NL80211_FREQUENCY_ATTR_NO_* channel attributes parsing. This is
needed for correct checking if channel is available in a particular
bandwidth.
Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
Add support for 160 MHz BW channels to automatic channel selection
algorithm. Only 36 and 100 channels are supported as 160 MHz channels.
Signed-off-by: Dmitry Lebed <lebed.dmitry@gmail.com>
Add even more workarounds for cfg80211 regulatory state clearing since
these WNM test cases seem to be the most likely ones to fail due to
country=98 issues.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_s->bss_tm_status is within #ifdef CONFIG_WNM, so need to access it
through matching condition.
Fixes: 80d06d0ca9 ("dbus: Export BSS Transition Management status")
Signed-off-by: Jouni Malinen <j@w1.fi>
Move to the version used in draft-ietf-emu-eap-tls13-03.txt, i.e.,
include the 0x0D prefix and use a different TLS-Exporter() label string.
Signed-off-by: Jouni Malinen <j@w1.fi>
Some distributions (e.g., Debian) have started introducting systemwide
OpenSSL policies to disable older protocol versions and ciphers
throughout all programs using OpenSSL. This can result in significant
number of interoperability issues with deployed EAP implementations.
Allow explicit wpa_supplicant (EAP peer) and hostapd (EAP server)
parameters to be used to request systemwide policies to be overridden if
older versions are needed to be able to interoperate with devices that
cannot be updated to support the newer protocol versions or keys. The
default behavior is not changed here, i.e., the systemwide policies will
be followed if no explicit override configuration is used. The overrides
should be used only if really needed since they can result in reduced
security.
In wpa_supplicant, tls_disable_tlsv1_?=0 value in the phase1 network
profile parameter can be used to explicitly enable TLS versions that are
disabled in the systemwide configuration. For example,
phase1="tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=0" would request TLS
v1.0 and TLS v1.1 to be enabled even if the systemwide policy enforces
TLS v1.2 as the minimum version. Similarly, openssl_ciphers parameter
can be used to override systemwide policy, e.g., with
openssl_ciphers="DEFAULT@SECLEVEL=1" to drop from security level 2 to 1
in Debian to allow shorter keys to be used.
In hostapd, tls_flags parameter can be used to configure similar
options. E.g., tls_flags=[ENABLE-TLSv1.0][ENABLE-TLSv1.1]
Signed-off-by: Jouni Malinen <j@w1.fi>
TLS v1.3 was already disabled by default for EAP-FAST, EAP-TTLS,
EAP-PEAP, and EAP-TLS, but the unauthenticated client cases of EAP-TLS
-like functionality (e.g., the one used in OSEN) were missed. Address
those EAP types as well in the same way of disabling TLS v1.3 by default
for now to avoid functionality issues with TLS libraries that enable TLS
v1.3 by default.
Signed-off-by: Jouni Malinen <j@w1.fi>
SSL_use_certificate_chain_file() was added in OpenSSL 1.1.0, so need to
maintain the old version using SSL_use_certificate_file() for backwards
compatibility.
Fixes: 658c39809b ("OpenSSL: Load chain certificates from client_cert file")
Signed-off-by: Jouni Malinen <j@w1.fi>
In addition, add even more workarounds for cfg80211 regulatory state
clearing since this test case seems to be the most likely one to fail
due to country=98 issues.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is a regression test case for FT-over-DS that got broken on
mac80211-based drivers when the extra key reinstallation checks were
added.
Signed-off-by: Jouni Malinen <j@w1.fi>
FT-over-the-DS has a special case where the STA entry (and as such, the
TK) has not yet been configured to the driver depending on which driver
interface is used. For that case, allow add-STA operation to be used
(instead of set-STA). This is needed to allow mac80211-based drivers to
accept the STA parameter configuration. Since this is after a new
FT-over-DS exchange, a new TK has been derived after the last STA entry
was added to the driver, so key reinstallation is not a concern for this
case.
Fixes: 0e3bd7ac68 ("hostapd: Avoid key reinstallation in FT handshake")
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no point in going through FT authentication if the next step
would have to use association exchange which will be rejected by the AP
for FT, so only allow FT-over-air if previous BSSID is set, i.e., if
reassociation can be used.
Signed-off-by: Jouni Malinen <j@w1.fi>
ap_ft_oom seemed to depend on undesired wpa_supplicant behavior of
trying to do FT protocol even without being ready for reassociation.
This is going to be fixed in wpa_supplicant which would make this test
case fail, so split it into separate test cases for each failure item to
be able to avoid incorrect test failures.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous roam() and roam_over_ds() checks would have ignored failing
association rejection if a consecutive attempt to connect succeeds
within the initial time limit. This can miss incorrect behavior, so
check explicitly for association rejection.
Signed-off-by: Jouni Malinen <j@w1.fi>
During P2PS PD Request processing wpa_supplicant removes stale and empty
persistent groups, but it did not notify D-Bus to unregister object. Fix
this by adding the missing notifications.
Signed-off-by: Jouni Malinen <j@w1.fi>
During P2PS PD Request processing wpa_supplicant removes stale
persistent groups, but it did not notify D-Bus to unregister object.
This can result in leaving behind objects pointing to freed memory and
memory leaks. Sometime it can cause a crash in wpa_config_get_all()
function and DBUS_ERROR_OBJECT_PATH_IN_USE errors.
Fix this by adding the missed notification to D-Bus code to unregister
the object.
Signed-off-by: Amit Khatri <amit7861234@gmail.com>
Once mesh starts supporting DFS channels, it has to handle DFS related
events from drivers, hence add mesh interface to the check list.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpa_supplicant configuration has country parameter that is supposed to
be used in AP mode to indicate supporting IEEE 802.11h and 802.11d.
Reflect this configuration to Mesh also since Mesh is required to
support 802.11h and 802.11d to use DFS channels.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
RSN initialization should work together with mesh join when it's used.
Since mesh join could be called at a different stage if DFS channel is
used, relocate the RSN initialization call to mesh join. It is still the
same call flow of mesh join before this if non-DFS channels are used,
hence no significant side effect will occur.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
Mesh join function consists of two parts which are preparing
configurations and sending join event to the driver. Since physical mesh
join event could happen either right after mesh configuration is done or
after CAC is done in case of DFS channel is used, factor out the
function into two parts to reduce redundant calls.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
The number of direct allocation within wpa_supplicant_mesh_init()
has been reduced due to RSN init function is factored out.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
RSN initialization can be used in different phases if mesh
initialization and mesh join don't happen in sequence such as DFS CAC is
done in between, hence factor it out to help convering the case. This
can also get rid of unnecessary indentation by handling the
mconf->security != MESH_CONF_SEC_NONE functionality in a helper
function.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
Setting mem_only_psk=1 in the wpa_supplicant configuration prevents the
passphrase from being stored in the configuration file. wpa_supplicant
will request the PSK passphrase over the control interface in such case
and this new wpa_cli command can be used to set the psk_passphrase.
usage:
psk_passphrase <network id> <psk_passphrase>
Signed-off-by: Hagai Moshe <hagai.moshe@tandemg.com>
Signed-off-by: Simon Dinkin <simon.dinkin@tandemg.com>
wpa_supplicant currently logs CTRL-EVENT-AUTH-FAILED errors when
authentication fails, but doesn't expose any property to the D-Bus
interface related to this.
This change adds the "AuthStatusCode" property to the interface, which
contains the IEEE 802.11 status code of the last authentication.
Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
Add new Interface properties "BSSTMStatus", which carries the status of
the most recent BSS Transition Management request. This property will be
logged in UMA to measure 802.11v success.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Add new Interface properties "RoamTime", "RoamComplete", and
"SessionLength". "RoamTime" carries the roam time of the most recent
roam in milliseconds. "RoamComplete" carries True or False corresponding
to the success status of the most recent roam. "SessionLength" carries
the number of milliseconds corresponding to how long the connection to
the last AP was before a roam or disconnect happened.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
The documentation in the hostapd.conf file says that the dynamic_vlan
variable is used to control whether VLAN assignments are accepted from a
RADIUS server. The implication seems to be that a static VLAN assignment
will come from the accept_mac_file if dynamic_vlan is set to 0, and a
dynamic assignment will come from the RADIUS server if dynamic_vlan is
set to 1. Instead, I'm seeing that the static settings from the
accept_mac_file are ignored if dynamic_vlan is set to 0, but used if
dynamic_vlan is set to 1. If dynamic_vlan is set to 1 and the RADIUS
server does not provide a VLAN, then the accept_mac_file assignment is
overridden and the STA is assigned to the default non-VLANed interface.
If my understanding of the expected behavior is correct, then I believe
the problem is in ap_sta_set_vlan(). That routine checks the
dynamic_vlan setting, but has no way of determining whether the incoming
vlan_desc is static (i.e., from accept_mac_file) or dynamic (i.e., from
a RADIUS server).
I've attached a patch that gets hostapd working as I believe it's meant
to, and updates the documentation to make the implicit behavior
explicit.
The functional changes are:
- hostapd_allowed_address() will always extract the vlan_id from the
accept_macs file. It will not update the vlan_id from the RADIUS cache
if dynamic_vlan is DISABLED.
- hostapd_acl_recv_radius() will not update the cached vlan_id if
dynamic_vlan is DISABLED.
- ieee802_1x_receive_auth() will not update the vlan_id if dynamic_vlan
is DISABLED.
More cosmetic:
Most of the delta is just moving code out of ieee802_1x_receive_auth()
into a new ieee802_1x_update_vlan() routine. While I initially did this
because the new DISABLED check introduced excessive indentation, it has
the added advantage of eliminating the vlan_description allocation and
os_memset() call for all DYNAMIC_VLAN_DISABLED configs.
I've done a couple rounds of review offline with Michael Braun (who has
done much of the work in this part of the code) and incorporated his
feedback.
If dynamic_vlan=0 (disabled), vlan assignments will be managed using the
local accept_mac_file ACL file, even if a RADIUS server is being used
for user authentication. This allows us to manage users and devices
independently.
Signed-off-by: Nils Nieuwejaar <nils.nieuwejaar@gmail.com>
The new ieee802_11_ext_capab() and wpa_bss_ext_capab() functions can be
used to check whether a specific extended capability bit is set instead
of having to implement bit parsing separately for each need.
Signed-off-by: Jouni Malinen <j@w1.fi>
These flags were used in SCAN_RESULTS command output, but not BSS. Make
these consistent by adding the flags to BSS as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
The PADDING array used when adding padding bits in MD4 never change
so can be made const. Making it const puts the array in .rodata
section and can save a few bytes of RAM for systems running without
virtual memory.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
After performing a successful channel switch, the AP should update its
own neighbor report element, so do this from src/ap/drv_callbacks.c
after a successful switch.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Move functions corresponding to neighbor report elements to
src/ap/neighbor_db.[c,h] in preparation to using them after channel
switch from src/ap/drv_callbacks.c.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
The function sha512_compress() has a local variable that consumes 640
bytes. This is very heavy for embedded devices that have limited stack
resources. Handle this by replacing the static allocation with a dynamic
one.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>